Blue desktop with "spyware infection..." [RESOLVED]


#1
akoh
Member

Hi there,

I cannot change my desktop which is blue with a message that says: "spyware infection..." I've pasted below the HijackThis log.

Please help!

Thanks!
Ashley



Logfile of HijackThis v1.99.1
Scan saved at 6:55:05 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Peter Salamone.HOME.000\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MS OFFICE Toolbar.lnk = C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134399331636
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#2
Cloutz
Visiting Staff

Hi Ashley and welcome to GeekstoGo.

My name is Nick and I will be the one helping you today.

Let's get your computer cleaned up. :tazz:

You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.
Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Thanks,
Nick :)

#3
akoh
Member
Topic Starter

Merry X'mas, Nick! Thanks for responding to my cry for help :tazz: I ran all the scans you listed except for the last one - the Panda ActiveScan - because it requires ActiveX. And even though I allowed my browser to install the control, it still wouldn't scan. But my desktop is not frozen anymore with the horrid blue screen :) Below are the results from the scans. Please confirm with me if the problem is resolved. Thanks again, Nick! - Ashley



1) smitfiles.txt:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 12/24/2005
The current time is: 19:58:52.33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

warnhp.html
desktop.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 764 'explorer.exe'
Killing PID 764 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)





2) The quarantine list from ad-aware:

ArchiveData(auto-quarantine- 2005-12-24 20-41-12.bckp)
Referencefile : SE1R82 19.12.2005
======================================================

COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
obj[1]=Regkey : typelib\{110fa82f-db6c-3c24-8929-60961d10c56e}
obj[20]=Regkey : interface\{9d573d0e-663c-435f-bf31-2c4497373c41}
obj[22]=Regkey : software\microsoft\downloadmanager
obj[23]=RegValue : software\microsoft\internet explorer\main "Use Custom Search URL"
obj[24]=RegValue : software\microsoft\internet explorer\main "Toolbars_Placement"
obj[25]=RegValue : software\microsoft\internet explorer\search\searchproperties\en-us "SingleProvider"
obj[26]=RegValue : software\microsoft\windows nt\currentversion\windows "run"
obj[27]=RegValue : software\microsoft\internet explorer\new windows "PopupMgr"
obj[28]=RegValue : software\microsoft\internet explorer\search\searchproperties\en-us "Panel@Web"
obj[29]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"
obj[30]=RegValue : software\microsoft\internet explorer\main "Search Bar"
obj[31]=RegValue : software\microsoft\windows\currentversion\policies\system "NoDispBackgroundPage"
obj[32]=RegValue : software\microsoft "set"
obj[33]=RegValue : software\microsoft\windows\currentversion\internet settings\user agent\post platform "iebar"
obj[35]=File : C:\WINDOWS\ssico.ico
obj[36]=File : C:\WINDOWS\balloon.wav
obj[37]=File : C:\WINDOWS\downloaded program files\Install.dll
obj[38]=File : C:\WINDOWS\system32\wbem\logs\wbemess.log
obj[39]=File : C:\WINDOWS\system32\msblank.html

WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=RegData : S-1-5-21-842925246-2147024851-1060284298-1004\software\microsoft\windows\currentversion\policies\explorer "NoBandCustomize"

ADWARE.TOOLBAND
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=RegValue : S-1-5-21-842925246-2147024851-1060284298-1004\software\microsoft\internet explorer\toolbar\Webbrowser "{08bec6aa-49fc-4379-3587-4b21e286c19e}"
obj[34]=File : C:\Program Files\Microsoft AntiSpyware\Quarantine\6A92B75D-122D-458E-AD99-82A42B\2E1750B2-AED8-4A0D-8B68-E25040

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=IECache Entry : Cookie:peter [email protected]/
obj[5]=IECache Entry : Cookie:peter [email protected]/cgi-bin/
obj[6]=IECache Entry : Cookie:peter [email protected]/
obj[7]=IECache Entry : Cookie:peter [email protected]/
obj[8]=IECache Entry : Cookie:peter [email protected]/
obj[9]=IECache Entry : Cookie:peter [email protected]/
obj[10]=IECache Entry : Cookie:peter [email protected]/
obj[11]=IECache Entry : Cookie:peter [email protected]/
obj[12]=IECache Entry : Cookie:peter [email protected]/
obj[13]=IECache Entry : Cookie:peter [email protected]/
obj[14]=IECache Entry : Cookie:peter [email protected]/cgi-bin
obj[15]=IECache Entry : Cookie:peter [email protected]/
obj[16]=IECache Entry : Cookie:peter [email protected]/
obj[17]=IECache Entry : Cookie:peter [email protected]/
obj[18]=IECache Entry : Cookie:peter [email protected]/
obj[19]=IECache Entry : Cookie:peter [email protected]/





3) ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:07:10 AM, 12/25/2005
+ Report-Checksum: 41C50623

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{033935E4-A208-AB9E-DD2A-6A9B7E426D04} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{12E919BC-C70F-432B-B831-1180DE734505} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-842925246-2147024851-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
[176] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[200] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
[1124] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
C:\Documents and Settings\Cathy\Local Settings\Temp\randreco.exe -> Dropper.Agent.ch : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1lcjgepaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ehdzoeqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4skazkcpqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkogmazmbowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkosod5kaogwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykkdzidoamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysicpahpaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4sod5ikogidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloogcjkkpgqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoidjgkoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Peter Salamone\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Error during cleaning
C:\Documents and Settings\Peter Salamone.HOME\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Error during cleaning
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter salamone@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ACA879EB-C376-4A64-A10A-15AF85\4748A666-F1E0-4B03-BB36-D55B13 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C5EAC0C5-EEDF-47DB-B397-F5137F\2E13F97C-0939-4A49-B275-0D9166 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS1742.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS1742.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\enhuninstall.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\KB887472.log:yrfcj -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\kpsys32.dll:dmgda -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:ffatq -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:dekpr -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:olhrh -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
C:\WINDOWS\system32\msupdate32.dll -> Downloader.Agent.abe : Cleaned with backup
C:\WINDOWS\system32\run636.exe -> Downloader.Small.cat : Cleaned with backup
C:\WINDOWS\system32\sdfdil.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\upd261.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\upd310.exe -> Dropper.Agent.ii : Cleaned with backup
C:\WINDOWS\system32\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\CONFLICT.1\sex-viewer.exe -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\sex-viewer.exe -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\VLoading.dll -> Spyware.VLoading : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\plugin-37-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\plugin-57-US.exe -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\PLUGIN~1.EXE -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\SET154.TMP -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\PLUGIN~3.EXE -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\PLUGIN~2.EXE -> Heuristic.Win32.Dialer : Cleaned with backup
D:\WINDOWS\plugin-57-us.exe -> Heuristic.Win32.Dialer : Cleaned with backup
D:\Win98\win98\OLS\msn\msnsetup\msnsetup.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End





4) Latest Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:39 AM, on 12/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter Salamone.HOME.000\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MS OFFICE Toolbar.lnk = C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134399331636
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#4
Cloutz
Visiting Staff

Hi Ashley,

You are nearly clean. :tazz:
All we gotta do is get rid of that entry in your log and I'm going to need an online scan log in order to know if you're good to go. :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
Now close all windows other than HiJackThis, then click Fix Checked.

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/.../DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer.

Make sure you do this scan in Internet Explorer.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.
Thanks,
Nick
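
Post #4 notes that the O15 entry marked for fixing in post #2 is still listed in the 12/25 log. The check below makes that before/after comparison mechanically; it is an added example, not part of the original thread or of HijackThis, and the function names are hypothetical. The two sample logs are shortened excerpts of the ones posted above.

```python
import re
from collections import namedtuple

# A HijackThis entry line is "<section code> - <detail>", e.g. "O15 - Trusted Zone: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

Entry = namedtuple("Entry", ["code", "detail"])


def parse_entries(log_text):
    """Return the section entries of a HijackThis log, in the order listed."""
    entries = []
    for line in log_text.splitlines():  # also copes with CRLF pastes
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Compare case-insensitively with whitespace collapsed: Windows paths and
    # registry names are case-insensitive, and forum pastes mangle spacing.
    return (entry.code, " ".join(entry.detail.split()).lower())


def diff_logs(before_text, after_text):
    """Entries removed, added and unchanged between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
        "unchanged": [e for e in after if _key(e) in before_keys],
    }


def still_present(fix_lines, after_text):
    """Entries that were marked for 'Fix checked' but still appear in the later log."""
    after_keys = {_key(e) for e in parse_entries(after_text)}
    wanted = parse_entries("\n".join(fix_lines))
    return [e for e in wanted if _key(e) in after_keys]


# Shortened excerpts of the logs posted in the thread (12/21/2005 and 12/25/2005).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:55:05 PM, on 12/21/2005

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:45:39 AM, on 12/25/2005

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""

# The line the helper asked to have checked and fixed in post #2.
FIX_CHECKED = ["O15 - Trusted Zone: *.finefind.nettraffic2cash.biz"]

if __name__ == "__main__":
    for e in still_present(FIX_CHECKED, AFTER):
        print("NOT FIXED:", e.code, "-", e.detail)
    changes = diff_logs(BEFORE, AFTER)
    for e in changes["added"]:
        print("NEW:      ", e.code, "-", e.detail)
    for e in changes["removed"]:
        print("GONE:     ", e.code, "-", e.detail)
```

Running the same comparison against the log taken after DelDomains.inf and the restart shows whether the Trusted Zone entry is finally gone.
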

#5
akoh
Member
Topic Starter

Hi Nick,

The online scanners do not work because I need to download the ActiveX controls. And even though I set my browser to prompt/enable me to download ActiveX, it still does not prompt me to do so. Is there any other way to go about this? And by the way, my PC-cillin Internet Security 2005 just found more files infected with troj_startp.c! I put the files in quarantine. Please help!

Thanks,
Ashley

#6
Cloutz
Visiting Staff

Hi Ashley,

Please download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

Nick :tazz:

#7
akoh
Member
Topic Starter

Hi Nick,

Just a quick note to let you know that my ISP is down now but it should be back by tomorrow. I'll do the scan as you mentioned and I'll get back to you asap.

Thanks,
Ashley

#8
akoh
Member
Topic Starter

Hi Nick,

Here are the results of the ewido scan and the HijackThis log. Hopefully the problem is resolved :tazz: Do you have any tips to help me prevent my computer from getting future infections? I already have PC-cillin Internet Security and Microsoft AntiSpyware to protect me but I still got this problem.

Thanks,
Ashley



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:45:50 AM, 12/29/2005
+ Report-Checksum: 4C684B10

+ Scan result:

[472] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning
[496] VM_00D90000 -> Downloader.Agent.uj : Error during cleaning
[1436] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
[1516] VM_00840000 -> Downloader.Agent.uj : Error during cleaning
[1528] VM_00910000 -> Downloader.Agent.uj : Error during cleaning
[1536] VM_003B0000 -> Downloader.Agent.uj : Error during cleaning
[1556] VM_00D20000 -> Downloader.Agent.uj : Error during cleaning
[1596] VM_00A80000 -> Downloader.Agent.uj : Error during cleaning
[1608] VM_00870000 -> Downloader.Agent.uj : Error during cleaning
[3092] VM_007A0000 -> Downloader.Agent.uj : Error during cleaning
C:\Documents and Settings\Peter Salamone\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Peter Salamone\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Error during cleaning
C:\Documents and Settings\Peter Salamone.HOME\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Error during cleaning
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter salamone@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Peter Salamone.HOME.000\Cookies\peter salamone@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 10:52:01 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Peter Salamone.HOME.000\Desktop\Spyware removal\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packernet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - Startup: MS OFFICE Toolbar.lnk = C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134399331636
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
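A triage pass over a report in the ewido layout posted above, as an added example that is not part of the original thread: it tallies the outcome of every entry and lists the ones the scanner could not clean. The sample lines are constructed, and reading `[472] VM_00D70000` as a process ID plus a memory region is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ewido report above (not the poster's data).
SAMPLE_REPORT = r"""
+ Scan result:

[472] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning
[496] VM_00D90000 -> Downloader.Agent.uj : Error during cleaning
C:\Documents and Settings\user\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\user\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Error during cleaning
C:\Documents and Settings\user\Cookies\user@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup

::Report End
"""

# Entry layout: "<object> -> <detection name> : <outcome>"
ENTRY = re.compile(r"^(?P<obj>.+) -> (?P<name>\S+) : (?P<outcome>.+)$")
# Assumption: "[472] VM_00D70000" means process ID 472 and a memory region in it.
MEMORY = re.compile(r"^\[(?P<pid>\d+)\] VM_(?P<addr>[0-9A-Fa-f]+)$")

def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        mem = MEMORY.match(m["obj"])
        entries.append({
            "object": m["obj"],
            "name": m["name"],
            "outcome": m["outcome"].strip(),
            "pid": int(mem["pid"]) if mem else None,  # None for file entries
        })
    return entries

def triage(entries):
    """Summarise outcomes and list what the scanner could not clean."""
    failed = [e for e in entries if not e["outcome"].lower().startswith("cleaned")]
    return {
        "outcomes": Counter(e["outcome"] for e in entries),
        "failed_memory_pids": sorted({e["pid"] for e in failed if e["pid"] is not None}),
        "failed_files": [e["object"] for e in failed if e["pid"] is None],
        "needs_rescan": bool(failed),
    }

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Entries that failed in process memory are the ones worth re-checking after a reboot, since the detection was in a running process rather than in a file on disk.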

#9
Cloutz

    Visiting Staff

  • Member
  • 547 posts
Everything looks great, your HijackThis log appears to be CLEAN!!!

Here is a list of tools I like to suggest to users to prevent future infections.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Firefox - Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

Nick :tazz:

#10
akoh

    Member

  • Topic Starter
  • Member
  • 18 posts
Hi Nick,

Thanks a lot for all your help!!! :tazz:

Happy new year!
Ashley

#11
Cloutz

    Visiting Staff

  • Member
  • 547 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.